const express = require('express');
const router = express.Router();
const settingController = require('../controllers/settingController');
const { auth, admin } = require('../middlewares/auth');
const { validate, settingValidation } = require('../utils/validator');

// 所有路由都需要认证
router.use(auth);

// GET /api/settings - 获取所有设置
router.get('/', settingController.getSettings);

// GET /api/settings/:key - 获取单个设置
router.get('/:key', settingController.getSetting);

// PUT /api/settings/:key - 更新设置 (需要管理员权限)
router.put(
  '/:key', 
  [admin, validate(settingValidation.update)], 
  settingController.updateSetting
);

// DELETE /api/settings/:key - 删除设置 (需要管理员权限)
router.delete('/:key', admin, settingController.deleteSetting);

module.exports = router; 